Microsoft Outlook Blocks Inline SVG Images to Curb Security Threats

Vlad CONSTANTINESCU

October 03, 2025


Outlook users will no longer see inline SVG images as Microsoft strengthens defenses against phishing and malware.

Microsoft rolls out change globally

Microsoft’s web and Windows Outlook versions will no longer display inline SVG images, a format increasingly leveraged in cyberattacks. The company said it expects the change, which began rolling out in early September, to be fully implemented by mid-October.

According to Microsoft, the adjustment will have minimal impact, affecting less than 0.1% of images sent via Outlook. Instead of displaying the graphics, Outlook will now leave blank spaces as placeholders for the inline images. However, users will still be able to access and view SVG files sent as traditional attachments.

Why SVG files are dangerous

While SVG files are widely used for scalable graphics, attackers have increasingly weaponized them to bypass security mechanisms. Malicious SVGs have been used to drop malware and trick people into submitting credentials through rogue login forms. As BleepingComputer reported, security researchers have noted an alarming rise in phishing campaigns exploiting this vector, with reports citing a 1,800% increase in attacks between early 2024 and April 2025.

Phishing-as-a-Service (PhaaS) platforms such as Tycoon2FA, Mamba2FA and Sneaky2FA have further driven this trend, making sophisticated phishing techniques more accessible to threat actors.
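For mail teams that want to measure how much of their own traffic carries inline SVG, the sketch below walks a message's MIME parts, separates inline SVGs from traditional attachments, and flags markup that lets an SVG behave like a web page. It is an added example, not code from Microsoft or Bitdefender; the sample message, marker names and the inline heuristic are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy

# Constructed sample (not real traffic): HTML body plus an SVG part referenced by Content-ID.
SAMPLE_EML = """\
From: sender@example.com
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><img src="cid:logo1"><svg width="1" height="1"><rect/></svg></body></html>
--b1
Content-Type: image/svg+xml
Content-Disposition: inline; filename="logo.svg"
Content-ID: <logo1>

<svg xmlns="http://www.w3.org/2000/svg" onload="init()">
<foreignObject><form action="https://login.example.invalid/"><input name="pw"/></form></foreignObject>
<script>function init(){}</script></svg>
--b1--
"""

# Markup that makes an SVG behave like a web page instead of a picture (marker names are ours).
ACTIVE = {name: re.compile(rx, re.I) for name, rx in {
    "script": r"<\s*script\b", "foreignObject": r"<\s*foreignObject\b", "form": r"<\s*form\b",
    "event-handler": r"\son[a-z]+\s*=", "javascript-url": r"javascript\s*:"}.items()}

def active_content(svg):
    """Sorted names of the active-content markers present in one SVG document."""
    return sorted(name for name, rx in ACTIVE.items() if rx.search(svg))

def scan_message(raw):
    """Return (where, placement, markers) for every SVG found in the message."""
    found = []
    for part in message_from_string(raw, policy=policy.default).walk():
        if part.get_content_type() == "image/svg+xml":
            # Assumption: an inline disposition or a Content-ID means the part renders in the body.
            inline = part.get_content_disposition() == "inline" or part["Content-ID"] is not None
            svg = part.get_payload(decode=True).decode("utf-8", "replace")
            found.append((part.get_filename() or "svg part", "inline" if inline else "attachment", active_content(svg)))
        elif part.get_content_type() == "text/html":
            for m in re.finditer(r"<svg\b.*?</svg\s*>", part.get_content(), re.I | re.S):
                found.append(("html body", "inline", active_content(m.group(0))))
    return found

if __name__ == "__main__":
    for where, placement, markers in scan_message(SAMPLE_EML):
        print(f"{where}: {placement} SVG, active content: {markers or 'none'}")
```

An SVG with no markers is an ordinary picture; the markers are triage hints for review, not a verdict on the message.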

Part of a broader security overhaul

This change is one step in Microsoft’s ongoing campaign to eliminate attack vectors within its ecosystem. In June, the company also blocked file types like .library-ms and .search-ms, both of which had been abused in targeted phishing and malware campaigns since at least 2022.

Over the years, Microsoft has progressively tightened controls around risky features: blocking VBA and XLM macros, disabling ActiveX controls and restricting untrusted XLL add-ins. Each of these moves aimed to harden Microsoft 365 and Office products against evolving attack methods.

The importance of specialized security software

Although Microsoft’s change is a welcome step toward safer email environments, relying solely on platform-level defenses may not be enough.

Complementary protection through specialized software like Bitdefender Ultimate Security can further strengthen defenses by blocking phishing attempts, detecting malware in attachments and safeguarding against evolving threat actors across all digital channels.
